CVE-2025-14432

Poly Video - Sensitive Data Might Be Written to Log File

CVSS 8.1 HIGHEPSS 0.3%CWE-532

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Produtos afetados

HP Inc · Polycom EagleEye IV HP Inc · Poly EagleEye Cube HP Inc · Poly G7500 HP Inc · Poly Studio A2 HP Inc · Poly Studio E60 HP Inc · Poly Studio E70 HP Inc · Poly Studio G62 HP Inc · Poly Studio USB HP Inc · Poly Studio X30 HP Inc · Poly Studio X32 HP Inc · Poly Studio X50 HP Inc · Poly Studio X52 HP Inc · Poly Studio X70 HP Inc · Poly Studio X72 HP Inc · TC10 HP Inc · TC8

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080